From owner-freebsd-questions@FreeBSD.ORG Mon Apr 19 05:41:05 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0836316A4CE for ; Mon, 19 Apr 2004 05:41:05 -0700 (PDT) Received: from smtp.omnis.com (smtp.omnis.com [216.239.128.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9430A43D46 for ; Mon, 19 Apr 2004 05:41:04 -0700 (PDT) (envelope-from james@aricsi.com) Received: from bosco (ppp-66-139-166-51.dialup.ltrkar.swbell.net [66.139.166.51]) by smtp-relay.omnis.com (Postfix) with ESMTP id 46776100492 for ; Mon, 19 Apr 2004 05:40:52 -0700 (PDT) Message-ID: <000801c4260a$ab688a20$87312330@icsi.local> From: "James T. Harrison" To: Date: Mon, 19 Apr 2004 07:34:31 -0500 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: comments X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Apr 2004 12:41:05 -0000 My server had some apps running that should not have been there. You = have a hacker using your site to gather info on servers. =20 What are your plans to stop? What is your phone number and contact = name? Here is part of the script. Notice USA as the country. This is one of = many batch files that were found on my server. @echo off echo = *-------------------------------------------------------------------*>inf= o.txt echo *--Computer Specs.... = --*>>info.txt echo = *-------------------------------------------------------------------*>>in= fo.txt psinfo.exe -d >>info.txt echo = *-------------------------------------------------------------------*>>in= fo.txt echo *--List of Current Processes Running.... = --*>>info.txt echo = *-------------------------------------------------------------------*>>in= fo.txt pslist.exe>>info.txt echo = *-------------------------------------------------------------------*>>in= fo.txt echo *--Result of speed test from various countries.... = --*>>info.txt echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: DENMARK >>info.txt ftpc.exe -n -A -s:ftpc.cmds ftp.dk.FreeBSD.org >Status-1of15 findstr /C:"bytes rec" Status-1of15>>info.txt del ncurses.tar.gz echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: GERMANY >>info.txt del Status-1of15 ftpc.exe -n -A -s:ftpc.cmds ftp.de.freebsd.org >Status-2of15 findstr /C:"bytes rec" Status-2of15 >>info.txt del ncurses.tar.gz echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: NETHERLANDS >>info.txt del Status-2of15 ftpc.exe -n -A -s:ftpc.cmds ftp2.nl.freebsd.org >Status-3of15 findstr /C:"bytes rec" Status-3of15 >>info.txt del ncurses.tar.gz echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: USA >>info.txt del Status-3of15 ftpc.exe -n -A -s:ftpc.cmds ftp1.FreeBSD.org >Status-4of15 findstr /C:"bytes rec" Status-4of15 >>info.txt del ncurses.tar.gz echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: USA2 >>info.txt del Status-4of15 ftpc.exe -n -A -s:ftpc2.cmds ftp.lucasarts.com >Status-5of15 findstr /C:"bytes rec" Status-5of15 >>info.txt del Indyprev.zip echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: Canada >>info.txt del Status-5of15 ftpc.exe -n -A -s:ftpca.cmds ftp.crc.ca >Status-6of15 findstr /C:"bytes rec" Status-6of15 >>info.txt del latest-defs.exe echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: SWEDEN >>info.txt del Status-6of15 ftpc.exe -n -A -s:ftpc.cmds ftp.se.FreeBSD.org >Status-7of15 findstr /C:"bytes rec" Status-7of15 >>info.txt del ncurses.tar.gz echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: UK >>info.txt del Status-7of15 ftpc.exe -n -A -s:ftpc.cmds ftp.uk.FreeBSD.org >Status-8of15 findstr /C:"bytes rec" Status-8of15 >>info.txt del ncurses.tar.gz echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: FRANCE >>info.txt del Status-8of15 ftpc.exe -n -A -s:ftpc.cmds ftp8.fr.FreeBSD.org >Status-9of15 findstr /C:"bytes rec" Status-9of15 >>info.txt del ncurses.tar.gz echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: NL 2 >>info.txt del Status-9of15 ftpc.exe -n -A -s:ftpco.cmds 194.171.240.20 >Status-10of15 findstr /C:"bytes rec" Status-10of15 >>info.txt del patch-2.4.19.gz echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: NL 3 >>info.txt del Status-10of15 ftpc.exe -n -A -s:ftpce.cmds ftp.euronet.nl >Status-11of15 findstr /C:"bytes rec" Status-11of15 >>info.txt del 5M.bin echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: NL 4 >>info.txt del Status-11of15 ftpc.exe -n -A -s:ftpcy.cmds ftp.chello.nl >Status-12of15 findstr /C:"bytes rec" Status-12of15 >>info.txt del LT.zip echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: NO >>info.txt del Status-12of15 ftpc.exe -n -A -s:ftpcx.cmds ftp.no.FreeBSD.org >Status-13of15 findstr /C:"bytes rec" Status-13of15 >>info.txt del MBM5300.EXE echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: AT >>info.txt del Status-13of15 ftpc.exe -n -A -s:ftpch.cmds ftp.chello.at >Status-14of15 findstr /C:"bytes rec" Status-14of15 >>info.txt del dx5ger.exe echo = *-------------------------------------------------------------------*>>in= fo.txt echo COUNTRY: HU >>info.txt del Status-14of15 ftpc.exe -n -A -s:ftpch.cmds ftp.chello.hu >Status-15of15 findstr /C:"bytes rec" Status-15of15 >>info.txt del dx5ger.exe del Status-15of15 echo *---------------------------------- DONE = ---------------------------*>>info.txt echo . > "+Speed Test Complete"